Are you ready to create a Federated Application on the Intuit Partner Platform? Need help generating your x.509 certificate for testing? Coding in Java or .Net? Here's how…
You need to provide Intuit with your public key if you wish to federate your application. Here are the instructions for generating those x.509 certificates. Keep in mind these tools generate your certificate for testing only!
Microsoft .Net Instructions:
exe: MakeCert.exe
Location: C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools
Step 1: Create the .cer and .pvk, you will be prompted to create a password.
MakeCert -r -pe -ss IPPSampleStoreName -n "CN=IPPSample" IPPSample.cer -sky exchange -sv IPPSample.pvk
Step 2: Combine both files into the pfx file which is easily used by the .Net framework. Password is intuit for this example.
pvk2pfx -pvk IPPSample.pvk -pi intuit -spc IPPSample.cer -pfx IPPSample.pfx -f
Step 3: Submit a support incident with your inbound SAML gateway and the .cer file you just created.
Java KeyTool Instructions:
exe: KeyTool.exe
location: C:\Program Files\Java\jdk1.6.0_14\jre\bin
C:\>keytool -genkey -alias ippsample -validity 1095 -keyalg RSA -keystore keystore.jks
Enter keystore password: intuit
C:\Program Files\Java\jdk1.6.0_14\bin>keytool -genkey -alias ippsample -validity 1095 -keyalg RSA -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Intuit Partner Platform
What is the name of your organizational unit?
[Unknown]: PaaSG
What is the name of your organization?
[Unknown]: Intuit Inc
What is the name of your City or Locality?
[Unknown]: Waltham
What is the name of your State or Province?
[Unknown]: MA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Intuit Partner Platform, OU=PaaSG, O=Intuit Inc, L=Waltham, ST=MA, C=US correct?
[no]: yes
Enter key password for <ippsample>
(RETURN if same as keystore password):
Re-enter new password:
C:\>keytool -list -v -keystore keystore.jks
Enter keystore password: intuit
Alias name: ippsample
Creation date: Jul 20, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Intuit Partner Platform, OU=PaaSG, O=Intuit Inc, L=Waltham, ST=MA, C=US
Issuer: CN=Intuit Partner Platform, OU=PaaSG, O=Intuit Inc, L=Waltham, ST=MA, C=US
Serial number: 4a64c596
Valid from: Mon Jul 20 15:29:26 EDT 2009 until: Thu Jul 19 15:29:26 EDT 2012
Certificate fingerprints:
MD5: AF:90:1D:41:1A:33:9D:70:CF:EE:B3:6F:C3:30:B9:65
SHA1: 2B:D4:E7:CA:A2:A6:9F:77:AE:A3:5D:55:E3:DA:C3:AE:35:A1:87:BB
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************
*******************************************
*******************************************
C:\>keytool -list -rfc -keystore keystore.jks
Enter keystore password: intuit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: ippsample
Creation date: Jul 20, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
*******************************************
*******************************************
C:\Program Files\Java\jdk1.6.0_14\bin>keytool -export -rfc -alias ippsample -keystore keystore.jks -file ippsample.crt
Enter keystore password:
Certificate stored in file <ippsample.crt>
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12
NOTE: If you are using a cert that is not signed by a recognized CA (like the self-signed cert described above), you need to import the public cert into the cacerts file on the system that is running the gateway:
keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -file ./ippsample.crt -alias ippsample
OpenSSL Instructions:
C:\OpenSSL\bin>openssl.exe req -x509 -nodes -days 365 -newkey rsa:1024 -keyout sdgidfedapp11.corp.intuit.net.key -out sdgidfedapp11.corp.intuit.net.crt
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
..................++++++
........++++++
writing new private key to 'sdgidfedapp11.corp.intuit.net.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Diego
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Intuit
Organizational Unit Name (eg, section) []:IAM
Common Name (eg, YOUR name) []:sdgidfedapp11.corp.intuit.net
Email Address []:
C:\OpenSSL\bin>
Lastly, submit your .crt file and your inbound gateway URL to Intuit by submitting a support incident.
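An added example (not part of the original post or of Intuit's tooling): a Python pre-submission check that the file you are about to attach is a lone public certificate and not one of the private-key containers generated above (.pvk, .pfx/.p12, .jks, .key). It is a heuristic on the leading bytes and PEM labels, not full ASN.1 validation, and the function names are hypothetical.

```python
import re

# Magic numbers of private-key containers created in the steps above.
JKS_MAGIC = bytes.fromhex("feedfeed")  # keystore.jks
PVK_MAGIC = bytes.fromhex("1ef1b5b0")  # IPPSample.pvk (0xB0B5F11E little-endian)
PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def _enter(data, off):
    """Return the offset of the first child of the SEQUENCE at off, else None."""
    if off is None or off + 2 > len(data) or data[off] != 0x30:
        return None
    first_len = data[off + 1]
    child = off + 2 + ((first_len & 0x7F) if first_len & 0x80 else 0)
    return child if child < len(data) else None


def classify(data):
    """Heuristic: 'certificate', 'private-key-material' or 'unknown'."""
    if data.startswith((JKS_MAGIC, PVK_MAGIC)):
        return "private-key-material"
    labels = PEM_LABEL.findall(data)
    if labels:
        if any(b"PRIVATE KEY" in label for label in labels):
            return "private-key-material"
        return "certificate" if labels == [b"CERTIFICATE"] else "unknown"
    outer = _enter(data, 0)
    if outer is None:
        return "unknown"
    if data[outer] == 0x02:  # PFX/PKCS#12 and unencrypted keys open with INTEGER version
        return "private-key-material"
    tbs = _enter(data, outer)  # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
    if tbs is not None and data[tbs] in (0xA0, 0x02):  # [0] version (v3) or serial (v1)
        return "certificate"
    return "unknown"


def safe_to_submit(data):
    """True only for a lone public certificate (PEM .crt or DER .cer)."""
    return classify(data) == "certificate"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

Run it with the file names as arguments; anything other than "certificate" should not be attached to the support incident.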